package com.zhangpan.order.controller;

import com.zhangpan.order.entity.UserDTO;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

@RestController
@RequestMapping("/r")
public class OrderController {

    @GetMapping(value = "/r1")
    @PreAuthorize("hasAnyAuthority('p1')")
    public String r1() {

        String user = (String) SecurityContextHolder.getContext().getAuthentication().getPrincipal();


        return user+ "访问资源1";
    }

    @PreAuthorize("hasAuthority('p2')")
    @GetMapping(value = "/r2")
    public String r2() {

        String user = (String) SecurityContextHolder.getContext().getAuthentication().getPrincipal();


        return user+ "访问资源2";
    }
}
